CVE-2026-23404

In the Linux kernel, the following vulnerability has been resolved:

apparmor: replace recursive profile removal with iterative approach

The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes.

Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { }" | apparmor parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove

Replace the recursive aa profile list release() approach with an iterative approach in remove profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.